Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
No description
14320 commits 387 branches 195 tags 259 MiB
Find a file
Arne Welzel adf56ef4d8 Skip somer error reporting when the record type has errors 
The added test cases around function/event invocations report the
following flurry of errors when only the first one is relevant and
actionable. There's little use in reporting a mismatch with "error".
Squelch them.

    error in <...>/function-invoke-mismatch-error.zeek, line 8: identifier not defined: MyEnumTypo
    error in <...>/function-invoke-mismatch-error.zeek, line 12 and error: type mismatch (M::MY_ENUM_A and error)
    error in <...>/function-invoke-mismatch-error.zeek, line 12: argument type mismatch in function call (M::to_string(M::MY_ENUM_A))
    error in <...>/function-invoke-mismatch-error.zeek, line 16 and error: type mismatch (M::MY_ENUM_B and error)
    error in <...>/function-invoke-mismatch-error.zeek, line 16: argument type mismatch in function call (M::to_string(M::MY_ENUM_B))
    error in <...>/function-invoke-mismatch-error.zeek, line 20 and error: type mismatch (M::e and error)
    error in <...>/function-invoke-mismatch-error.zeek, line 20: argument type mismatch in function call (M::to_string(M::e))

Record coercion also reports noisy errors when coercing to a type that
has errors for individual fields, type clashing with "error":

    $ zeek language/record-field-error.zeek
    error in ./language/record-coerce-error.zeek, line 8: identifier not defined: MyEnumTypo
    error in ./language/record-coerce-error.zeek, line 19 and ./language/record-coerce-error.zeek, line 5: type clash for field "e" ((coerce [$e=MY_ENUM_B, $s=test] to MyRecord) and MyEnum)
2023-01-27 20:49:22 +01:00
.github/workflows github: cat the check_suite payload 2023-01-27 18:25:21 +01:00
auxil Bump spicy to v1.6.1. 2023-01-26 12:43:39 +01:00
ci Fix CI benchmark script to properly urlencode arguments 2023-01-24 14:53:46 -07:00
cmake@f69e08247e Fixes to support the Npcap library on Windows 2023-01-11 11:42:58 -07:00
doc@9c204e8133 Update doc submodule [nomail] [skip ci] 2023-01-27 00:43:20 +00:00
docker Add new zeek-client dependency to Dockerfile: python3-websocket 2022-10-24 15:59:26 -07:00
man Add documentation for GH-1829 2021-11-16 13:51:29 +00:00
scripts MySQL: Fix endianness, introduce mysql_eof() event 2023-01-27 10:59:23 +01:00
src Skip somer error reporting when the record type has errors 2023-01-27 20:49:22 +01:00
testing Skip somer error reporting when the record type has errors 2023-01-27 20:49:22 +01:00
.cirrus.yml cirrus: Introduce SKIP_TASK_ON_PR 2023-01-25 12:54:10 +01:00
.clang-format Add pre-commit config. 2021-11-09 07:20:18 +01:00
.clang-tidy Disable annoying bugprone-easily-swappable-parameters clang-tidy check [skip ci] 2022-10-07 16:15:47 -07:00
.dockerignore Add .dockerignore to suppress btest artifacts 2021-09-24 17:04:26 -07:00
.git-blame-ignore-revs GH-1781: Add .git-blame-ignore-revs file 2021-11-02 16:06:36 -07:00
.gitattributes GH-1497: Support CRLF line-endings in Zeek scripts and signature files 2021-04-08 20:32:30 -07:00
.gitignore Cirrus configuration for Windows builds 2022-11-09 18:16:13 +02:00
.gitmodules Add libunistd submodule, needed by future MSVC work 2022-11-09 18:13:40 +02:00
.pre-commit-config.yaml Format Python scripts with yapf. 2021-11-24 23:13:24 +01:00
.style.yapf Format Python scripts with yapf. 2021-11-24 23:13:24 +01:00
.update-changes.cfg Add script to update external test repo commit pointers 2019-04-05 17:09:01 -07:00
CHANGES Merge branch 'topic/awelzel/ci-notification-adaption' 2023-01-27 18:45:32 +01:00
CMakeLists.txt Make sure the DEBUG flag is defined when building in debug mode 2023-01-19 09:13:33 -07:00
configure Configure script: drop --with-caf, add -D option 2022-11-05 09:00:13 +01:00
COPYING Update COPYING to 2023 2023-01-03 12:10:03 -07:00
COPYING-3rdparty Rename COPYING.3rdparty to COPYING-3rdparty 2023-01-03 12:10:03 -07:00
INSTALL Update documentation to include "Book of Zeek" revisions 2021-02-01 15:54:36 -08:00
Makefile Keep make dist from deleting all paths containing 'build' [skip ci] 2022-06-03 22:36:19 +00:00
NEWS Merge branch 'topic/awelzel/2696-mysql-analyzer-issues' 2023-01-27 11:25:23 +01:00
README Fix hello world script in the readme. 2019-07-31 14:43:18 -04:00
README.md Fix logo/website link in README [skip ci] 2021-01-20 11:04:17 -08:00
VERSION Merge branch 'topic/awelzel/ci-notification-adaption' 2023-01-27 18:45:32 +01:00
zeek-config.h.in Fixes to support the Npcap library on Windows 2023-01-11 11:42:58 -07:00
zeek-config.in Remove other general deprecations 2022-06-30 19:17:13 +00:00
zeek-path-dev.in Compile Zeek with MSVC 2022-11-09 18:15:30 +02:00
zkg-config.in Add bin_dir setting for default zkg config file 2021-03-24 15:53:10 -07:00

README.md

Zeek Logo

The Zeek Network Security Monitor

A powerful framework for network traffic analysis and security monitoring.

Key FeaturesDocumentationGetting StartedDevelopmentLicense

Follow us on Twitter at @zeekurity.

Coverage Status

Key Features

  • In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.

  • Adaptable and Flexible Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.

  • Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites.

  • Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.

Getting Started

The best place to find information about getting started with Zeek is our web site www.zeek.org, specifically the documentation section there. On the web site you can also find downloads for stable releases, tutorials on getting Zeek set up, and many other useful resources.

You can find release notes in NEWS, and a complete record of all changes in CHANGES.

To work with the most recent code from the development branch of Zeek, clone the master git repository:

git clone --recursive https://github.com/zeek/zeek

With all dependencies in place, build and install:

./configure && make && sudo make install

Write your first Zeek script:

# File "hello.zeek"

event zeek_init()
    {
    print "Hello World!";
    }

And run it:

zeek hello.zeek

For learning more about the Zeek scripting language, try.zeek.org is a great resource.

Development

Zeek is developed on GitHub by its community. We welcome contributions. Working on an open source project like Zeek can be an incredibly rewarding experience and, packet by packet, makes the Internet a little safer. Today, as a result of countless contributions, Zeek is used operationally around the world by major companies and educational and scientific institutions alike for securing their cyber infrastructure.

If you're interested in getting involved, we collect feature requests and issues on GitHub here and you might find these to be a good place to get started. More information on Zeek's development can be found here, and information about its community and mailing lists (which are fairly active) can be found here.

License

Zeek comes with a BSD license, allowing for free use with virtually no restrictions. You can find it here.